﻿using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.OData.Query;

namespace Devonline.Identity.Admin.Controllers;

[Route("api/[controller]")]
[ApiController]
[SecurityHeaders]
[Authorize(Roles = GROUP_MAINTAINERS)]
public class LevelsController : ControllerBase
{
    private readonly IDataService<IdentityDbContext, Level> _dataService;

    public LevelsController(IDataService<IdentityDbContext, Level> dataService) => _dataService = dataService;

    [HttpGet, EnableQuery]
    public IActionResult Get() => Ok(_dataService.GetQueryable());

    [HttpPost]
    public async Task<IActionResult> CreateAsync(LevelViewModel viewModel) => Ok(await _dataService.AddAsync<LevelViewModel, Attachment>(viewModel, default));

    [HttpPut]
    public async Task<IActionResult> UpdateAsync(LevelViewModel viewModel) => Ok(await _dataService.UpdateAsync<LevelViewModel, Attachment>(viewModel, default, true));

    [HttpDelete("{id}")]
    public async Task<IActionResult> DeleteAsync(string id)
    {
        await _dataService.DeleteAsync<Level, Attachment>(id, default, true);
        return Ok();
    }
}